This invention relates to a method and apparatus for preventing a customer programmable platform from causing security threats to itself or to a communication system. While the invention is particularly directed to the art of telecommunications, and will be thus described with specific reference thereto, it will be appreciated that the invention may have usefulness in other fields and applications.
By way of background, next generation service architectures are being designed to support myriad possibilities for the creation and introduction of new services, many of which will be delivered using programmable platforms. For example, the Alcatel-Lucent Service Broker is a customer programmable platform that can be used by service providers to blend/mediate their IP Multimedia Subsystem (IMS) services. The customer-programmable nature of this platform introduces special security concerns for a service provider's network. These concerns are heightened given that the Service Broker is an integral part of the IMS architecture. As an example of the security threat, a malicious or poorly programmed service uploaded to the Service Broker could flood the network with Session Initiation Protocol (SIP) messages, effectively causing a denial of service attack on other network elements as they go into an overload condition. Another threat is a service that puts the Service Broker itself into an overload condition, for example, with hanging processes. Even though these types of problems cannot be fully eliminated in a programmable platform, ideally the platform itself should have built-in safeguards to notify the platform user (i.e., the service provider) of possible undesirable behavior.
The present invention contemplates a new and improved method and apparatus that resolve the above-referenced difficulties and others by detecting and resolving suspicious message sending patterns and suspicious processes in a flexible way, suitable for the needs of a programmable platform.